News & Updates

In this video by Jennifer Hahn, we explore all the right (and wrong) ways to rid the world of drones. (video link)

So you want to kill a drone. Maybe your neighbors are flying their machines over your backyard or zooming past your windows. Maybe you’re on stage giving a talk about implementing SSL and you’re being dive-bombed by drone cam. Heck, maybe you want to destroy your own drone just to watch it die. We understand, and that’s why Ars’ intrepid video editor Jennifer Hahn has made this helpful guide to drone destruction.

In Utah, state representatives are already considering a bill that would allow cops to shoot down drones. In most states, it’s unclear whether it’s lawful to shoot down a drone that doesn’t belong to you. Just to be on the safe side, we advise putting the shotguns away for now. There are far better anti-drone weapons out there, like drone jammers that use directed RF signals to cut off communication between the drone and its controller. Or you can use another drone, equipped with a net, to yank the offending drone out of the sky. Of course, you can also go low tech. One person killed a drone with medieval weapons, while another used a simple t-shirt whip.



For untold centuries, humans tracked the regularities of the natural world and developed systems that let us make predictions about the future. But, with a few rare exceptions, we did little more than that. The few stabs made at understanding things were anything but systematic, and they didn’t produce unified theories about the underlying properties of the physical world. But then, roughly 500 years ago, everything changed.

To hear David Wootton tell it in his new book The Invention of Science, 16th-century Europe was the last place you’d expect an intellectual revolution. It was a region where witchcraft and unicorns were accepted as real, even by the intellectual classes. They also felt that the Greeks and Romans had already discovered everything worth knowing. An extended hangover from a night out with Aristotle and Christian theology stifled anything that looked like a sense of inquiry. Knowledge, if anything, was on the decline.

Yet, as Wootton explains, the intellectual ferment started by Copernicus and Galileo brought about a change that led to the breakthroughs of Boyle, Pascal, and Newton. Some of their findings are still in use today, and the scientific approaches they pioneered have expanded in scope to revolutionize the modern world.



Making a qubit is easy. Controlling how they communicate, however… (credit: NSF)

There are many different schemes for making quantum computers work (most of them evil). But they pretty much all fall into two categories. In most labs, researchers work on what could be called a digital quantum computer, which has the quantum equivalent of logic gates, and qubits are based on well-defined and well-understood quantum states. The other camp works on analog devices called adiabatic quantum computers. In these devices, qubits do not perform discrete operations, but continuously evolve from some easily understood initial state to a final state that provides the answer to some problem. In general, the analog and digital camps don’t really mix. Until now, that is.

The adiabatic computer is simpler than a quantum computer in many ways, and it is easier to scale. But an adiabatic computer can only be generalized to any type of problem if every qubit is connected to every other qubit. This kind of connectivity is usually impractical, so most people build quantum annealers with reduced connectivity. These are not universal and cannot, even in principle, compute solutions to all problems that might be thrown at it.

The issues with adiabatic quantum computers don’t end there. Adiabatic quantum computers are inherently analog devices: each qubit is driven by how strongly it is coupled to every other qubit. Computation is performed by continuously adjusting these couplings between some starting and final value. Tiny errors in the coupling—due to environmental effects, for instance—tend to build up and throw off the final value.



By the end of the 1980s, the story of the video game industry had become a Homeric epic. There was the rise and fall of Atari, the American company that defined both the art and commerce of video game development, placing games consoles in millions of homes and striking multi-million dollar deals with Hollywood before a market collapse saw the beleaguered company’s games and machines literally buried in sand.

There was the Eastern saviour Nintendo, the century-old playing card manufacturer whose bright-eyed employee, Shigeru Miyamoto, designed games of such striking quality that they brought the industry back from the brink of oblivion. In the UK, a gaggle of nerdy young men, including David Braben, Peter Molyneux, Archer Maclean, and Jeff Minter, found fame by using the computer games they programmed in their bedrooms to escape Britain’s troubles both at home (industrial strikes, economic shudders) and abroad (IRA bombings, war in the Falklands).

By 1990 things had begun to stabilise. The British games scene became defined by regional publisher-developers that operated out of computer shops or remote business parks. They burned games onto discs and cassette tapes before selling them from newsagents and computer stores. 17-Bit Software was one such outfit, based in a cramped office above an amusement park in Wakefield, West Yorkshire. A local entrepreneur, Michael Robinson, who also ran a popular chain of computer retail shops called Microbyte, started the company. His idea was simple yet ingenious: find the next generation of talented young game developers, sign their games the same way record labels sign bands, and sell their games through Microbyte stores.



The cover of “Led Zeppelin IV” from 1971. “Stairway to Heaven” is song No. 4. The album was remastered in 2014. (credit: vinylmeister)

There’s a lady who’s sure
All that glitters is gold
And she’s buying a stairway to heaven

“Stairway to Heaven” intro.

Starting Tuesday, one of rock and roll’s most iconic songs, “Stairway to Heaven,” will be scrutinized by a federal jury tasked with deciding whether the 1971 Led Zeppelin song—which has generated some $500 million in revenue—infringes the 1968 instrumental song “Taurus” produced by the psychedelic band Spirit.

This isn’t the first time Zep has been accused of infringement. In 2012, the band struck an out-of-court deal with singer-songwriter Jake Holmes regarding his 1967 song “Dazed and Confused.” Zep’s 1969 debut album has a track with the same name and similar lyrics.

Despite being filed in 2014, the “Stairway to Heaven” case is only now making it to trial because of a slew of pre-trial motions, including those by Led Zeppelin seeking to have it dismissed. The case is being brought by the trust of Randy Wolfe, aka Randy California, and it essentially declares that Zep’s mind-numbing opening to “Stairway to Heaven”—an acoustic guitar arpeggiating chords in a descending pattern—is a complete ripoff of California’s “Taurus” which he wrote for the band Spirit. Zeppelin toured with Spirit in 1968, and California’s complaint alleges that Zep guitarist Jimmy Page had heard “Taurus” before the debut of “Stairway to Heaven,” which appears on “Led Zeppelin IV.” Billboard describes the album as “a cultural touchstone and one of the most popular releases in US history.” “IV” has gone platinum 23 times.



WauchulaGhost: Hacker groups linked to Anonymous hijack ISIS supporters’ Twitter accounts and flood their profiles with porn pictures and irreverent messages.

Anonymous is continuing its online battle against the ISIS propaganda machine. This time, Twitter accounts managed by the terrorist organization have been flooded with a large number of pornographic posts.


It seems that the attacks have been coordinated by Anonymous members to take over Twitter accounts of ISIS members and supporters.

The hackers replaced the profile pictures of the hacked IS Twitter accounts with porn pictures displaying text like ‘I Love Porn.’

The vast majority of Twitter accounts targeted by the hackers are from Saudi Arabia, Iraq, and Syria.

Below is the message left by the WauchulaGhost crew, one of the hacker groups most active against IS online:

WauchulaGhost is hunting ISIS supporters online; it was able to target hundreds of accounts within a few minutes.

The anti-ISIS groups are running a botnet that generates porn images and floods the IS accounts with them. Technically we call them Pornbots: a plethora of fake accounts featuring an adult theme, which are instructed by automated scripts to follow ISIS militants and flood them with unwanted porn. In some cases the hackers took over ISIS accounts and used them as active components of their Pornbots.

In this last campaign, WauchulaGhost has created a Twitter list that includes all the hacked profiles. At the time of writing, the Jacked Account list includes 161 accounts.

Among the victims of WauchulaGhost there is also a French ISIS account that is very active in propaganda activity.

The use of porn is not new in anti-ISIS campaigns; other groups of hackers have defaced ISIS content with pornographic images as a derogatory sign.


Pierluigi Paganini

(Security Affairs – WauchulaGhost, ISIS)

The post WauchulaGhost targets ISIS Twitter Accounts and floods them with porn images appeared first on Security Affairs.

Source: Security affairs

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

First of all, let me inform you that at #infosec16 SecurityAffairs was awarded The Best European Personal Security Blog.


Old CVE-2014-3704 flaw in Drupal still exploited in attacks hacked, stolen card data and accounts available for sale
Security Affairs newsletter Round 63 – News of the week
Jacob Appelbaum leaves the Tor Project after accusation of sexual misconduct
It is too easy to find enterprise logins on the Dark Web
100 million credentials from the Russian Facebook go on sale
Mark Zuckerberg hacked by the hacking crew OurMine Team
As of the end of March, 93 percent of all phishing emails contained ransomware
Charging Mobile Devices could be very risky according to Kaspersky
Hackers can remotely disable car alarm on Mitsubishi Outlander PHEV SUVs
FBI issued an alert about a rise in extortion email schemes
Watch out, Angler Exploit Kit is able to bypass Microsoft EMET defense
Facebook fixed a flaw in the Messenger App. Doubts on its severity
Fabrication-time Attacks and the Manchurian Chip
FTC’s chief technologist was victim of ID theft, someone hijacked her phone number
MI5 collected significantly more data than it can use
So You want to Capitalize on the IoT Business…
It’s official, μTorrent Forum Hacked!
Companies Are Stockpiling Bitcoin To Quickly Pay Off Ransomware Criminals
A crafted PDF document can hack your Chrome PDF reader, Update Chrome now!
China ready to launch the first hack proof quantum communication satellite
#infosec16 SecurityAffairs awarded as Best European Personal Security Blog
32 Million Twitter account credentials offered for sale
CRYPTXXX campaigns, threat actors switch to Neutrino EK
Are you using EMC and VMware solutions? Watch out unauthorized accesses!
European Union Websites plagued by SQL Injection Flaws
Necurs Botnet, one of the world’s largest malicious architectures, has vanished
Twitter resets account login credentials for exposed accounts
More Fallout from the LinkedIn Breach in new Targeted Attacks on Banking
Bolek Banking Trojan, a Carberp Successor is spreading in the wild
How to recover files encrypted by all Teslacrypt Ransomware variants

I desire to inform you that Security Affairs is now open to sponsored content.
I’ll offer the opportunity to:
•    Insert banners of various sizes in all the posts on Security Affairs.
•    Publish sponsored posts written by the customers that can include any kind of commercial reference.
•    Arrange a monthly/quarterly/annual campaign (for big customers) to advertise customers’ activities and discoveries.
For more info contact me at [email protected]
Thanks for supporting Security Affairs.



Once again thank you!


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 64 – News of the week appeared first on Security Affairs.


Is Two-factor authentication the solution for any kind of hacks? A text message could be used to take over your Google Account.

Following the recent data breaches suffered by IT giants (e.g. MySpace, LinkedIn, Twitter) security experts are inviting users to avoid sharing login credentials on multiple websites and to enable two-factor authentication (2FA) when it is available.

Is Two-factor authentication the solution for any kind of hacks?

Of course not. It is important to assume the proper security posture and be aware of the threats: two-factor authentication processes can be bypassed in various ways, for example by using malware or through social engineering attacks.

Google two-factor authentication

2FA drastically improves security: even when hackers steal your password, they need a second factor to complete the authentication process.

Unfortunately, they can obtain this precious information by tricking victims into disclosing it.

Earlier this week, the security expert Alex MacCaw, co-founder of the Clearbit firm, warned of an attack technique observed in real attacks aiming to trick users into disclosing a two-factor authentication (2FA) code on a Google account.

Below is the technique, step by step:

  • The attacker sends a Google user a text message, pretending to be the company. The technique also works with other service providers if the victims use their services.
  • The message reports that the service provider, Google in this case, has detected “suspicious” activity on the account. The company is now asking the victim to provide the 2FA code to avoid having their account locked.
  • The victim, in order to avoid problems, sends the code back, believing they have thwarted the attempted hack.
  • At this point, the attacker has everything necessary to take over the victim’s account. The hacker uses the victim’s credentials and the 2FA code obtained through the above process to access the account.

You might think that attackers need to have the victims’ login credentials, but this is not a problem because the criminal underground is fueled by data leaked after numerous data breaches.

In many cases, the leaked dumps include the mobile phone numbers of the victims; for this reason, it is trivial for hackers to target you.

The attack method is not new; periodically we see threat actors adopt it. In the most sophisticated attacks, the hackers spoof their identity to make the messages sent to the victims more realistic.

Today we have learned another important lesson: never text our two-factor authentication codes to anyone, even if they appear to be a legitimate service.


Pierluigi Paganini

(Security Affairs – two-factor authentication, hacking)

The post How to bypass two-factor authentication with a text message appeared first on Security Affairs.


The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoT) becomes more commonplace, making valuable data accessible through an ever-widening selection of entry points.

Although it’s not the hackers alone, the NSA is also behind the Internet of Things.

We already know the United States National Security Agency’s (NSA) power to spy on American as well