New R2D2 Technique Protects Files Against Wiper Malware, Secure Delete Apps ( 27

An anonymous reader writes: Purdue University scientists have developed a data protection technique called Reactive Redundancy for Data Destruction (R2D2) that can safeguard data sitting inside a virtual machine from modern data-wiping malware and even some secure file deletion methods. The technique was developed to protect enterprise systems, which are often running inside VMs.

Researchers say the new technique was successful in preventing wiper malware such as Shamoon (v1 and v2), StoneDrill, and Destover from deleting data during their experiments, but it was able to prevent data deletion attempted with legitimate "secure delete" applications. When such operations are detected, R2D2 runs each one through a series of policies that evaluate the operation for known destructive patterns. If the scan triggers a warning, the VM creates a temporary checkpoint that a human operator can use as a system restore point.


Atlanta City Government Systems Down Due To Ransomware Attack ( 34

An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.
United States

US Spending Bill Contains CLOUD Act, a Win For Tech and Law Enforcement ( 109

The 2,232 page spending bill released Wednesday by House and Senate leaders includes the Clarifying Lawful Overseas Use of Data [CLOUD] Act, which provides a legal framework for law enforcement to request data from overseas servers. The CLOUD Act currently sits high atop the wish list of tech firms, law enforcement and even foreign nations. Axios reports: The Supreme Court is currently mulling a case determining whether the Department of Justice had the right to force Microsoft to produce client emails stored on a server in Ireland without permission from Ireland's government. Microsoft fears the DOJ will force it to violate the laws of Ireland. The DOJ hopes to avoid the often years long process of abiding by treaties dealing with evidence. But both have publicly urged lawmakers to render the pending decision moot by passing the CLOUD act, a way to streamline the treaty process for requesting digital data.

The CLOUD Act provides a framework for reciprocal treaties for nations to request data from computers located within each other's borders. It also provides a mechanism for a Microsoft to take a law enforcement demand to court if it would force them to violate another country's rules. But when neither apply, law enforcement will be able to demand files in accordance with U.S. law.


Best Buy Stops Selling Huawei Smartphones ( 78

Best Buy, the nation's largest electronics big box retailer, has ceased ordering new smartphones from Huawei and will stop selling its products over the next few weeks. Best Buy didn't provide any details as to why it has severed ties with Huawei, but it may have to do with security concerns involving the Chinese government. CNET reports: The move is a critical blow to Huawei, which is the world's third-largest smartphone vendor behind Apple and Samsung but has struggled to establish any presence in the U.S. Best Buy was one of Huawei's biggest retail partners, and one of the rare places where you could physically see its phones. Huawei phones aren't sold by any U.S. carriers, where a majority of Americans typically buy their phones. Security concerns have long dogged Huawei in the U.S. In 2012, the House Intelligence Committee released a report accusing Huawei and fellow Chinese vendor ZTE of making telecommunications equipment that posed national security threats, and banned U.S. companies from buying the gear. At the time, the committee stressed that the report didn't refer to its smartphones. But that's changed over the last several months. The directors of the FBI, CIA and NSA all expressed their concerns about the risks posed by Huawei and ZTE.

A 15-Year-Old Hacked the Secure Ledger Crypto Wallet ( 66

An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.

Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability effecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed Ledger responded to his claims.


Kaspersky Lab Plans Swiss Data Center To Combat Spying Allegations, Report Says ( 46

An anonymous reader shares a report: Moscow-based Kaspersky Lab plans to open a data center in Switzerland to address Western government concerns that Russia exploits its anti-virus software to spy on customers, according to internal documents seen by Reuters. Kaspersky is setting up the center in response to actions in the United States, Britain and Lithuania last year to stop using the company's products, according to the documents, which were confirmed by a person with direct knowledge of the matter. The action is the latest effort by Kaspersky, a global leader in anti-virus software, to parry accusations by the U.S. government and others that the company spies on customers at the behest of Russian intelligence.

AMD Says Patches Coming Soon For Chip Vulnerabilities ( 84

wiredmikey writes: After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) says patches are coming to address several security flaws in its chips. In its first public update after the surprise disclosure of the vulnerabilities by Israeli-based security firm CTS Labs, AMD said the issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations.


Telegram Loses Supreme Court Appeal In Russia, Must Hand Over Encryption Keys ( 216

Telegram has lost a bid before Russia's Supreme Court to block security services from getting access to users' data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications. Bloomberg reports: Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram's appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys. Telegram, which is in the middle of an initial coin offering of as much as $2.55 billion, plans to appeal the ruling in a process that may last into the summer, according to the company's lawyer, Ramil Akhmetgaliev. Any decision to block the service would require a separate court ruling, the lawyer said.

Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents. The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn't violate users' privacy because the keys by themselves aren't considered information of restricted access. Collecting data on particular suspects using the encryption would still require a court order, the agency said.


Orbitz Says Legacy Travel Site Likely Hacked, Affecting 880,000 Credit Cards ( 29

hyperclocker shares a report from U.S. News & World Report: Orbitz says a legacy travel booking platform may have been hacked, possibly exposing the personal information of people that made certain purchases between January 1, 2016 and December 22, 2017. Orbitz said Tuesday about 880,000 payment cards were impacted. Data that was likely exposed includes name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender. The company said evidence suggests an attacker may have accessed information stored on the platform -- which was for both consumers and business partners -- between Oct. 1, 2017 and Dec. 22, 2017. "Orbitz said it worked with a forensic investigation firm, cybersecurity experts, and law enforcement once the breach was discovered in order to 'eliminate and prevent unauthorized access to the platform,'" reports The Verge. "The company also notes that its current site,, wasn't affected. It is notifying customers who may have been impacted and is offering a year of free credit monitoring."

Hackathons Are Dystopian Events That Dupe People Into Working For Free, Say Sociologists ( 154

An anonymous reader writes: That's the conclusion that two sociologists came to after observing seven hackathons over the period of one year, reports Wired. In "Hackathons As Co-optation Ritual: Socializing Workers and Institutionalizing Innovation in the 'New' Economy," sociologists Sharon Zukin and Max Papadantonakis argue that companies use the allure of hackathons to get people to work for free. They says sponsors fuel the "romance of digital innovation by appealing to the hackers' aspiration to be multi-dimensional agents of change" when in fact the hackathons are just a means of labor control.

Facebook Security Chief Said To Leave After Clashes Over Disinformation ( 45

Facebook's chief information security officer, Alex Stamos, will leave the company after internal disagreements over how the social network should deal with its role in spreading disinformation. The New York Times reports (Warning: source may be paywalled; alternative source): Mr. Stamos had been a strong advocate inside the company for investigating and disclosing Russian activity on Facebook, often to the consternation of other top executives, including Sheryl Sandberg, the social network's chief operating officer, according to the current and former employees, who asked not to be identified discussing internal matters. After his day-to-day responsibilities were reassigned to others in December, Mr. Stamos said he would leave the company. He was persuaded to stay through August to oversee the transition of his duties because executives thought his departure would look bad, the current and former employees said. He has been overseeing the transfer of his security team to Facebook's product and infrastructure divisions. His group, which once had 120 people, now has three, the current and former employees said. Mr. Stamos would be the first high-ranking employee to leave Facebook since controversy erupted over disinformation on its site. His departure is a sign of heightened leadership tensions at the company.

Facebook Hires Firm To Conduct Forensic Audit of Cambridge Analytica Data ( 136

After it was revealed that political data analytics firm, Cambridge Analytica, harvested personal data from more than 50 million Facebook users, the social media company has been scrutinized for not better protecting its users. Today, CBS News reports that Facebook has recently hired Stroz Friedberg, a digital forensics firm, to conduct an audit of Cambridge Analytica. According to a press release issued by Facebook on Monday, Cambridge Analytica has agreed to "comply and afford the firm complete access to their servers and systems." From the report: The social network said it asked Christopher Wylie and University of Cambridge professor Aleksandr Kogan to submit to an audit. Facebook says Kogan has verbally agreed to participate, but Wylie has declined. Wylie is a former employee of Cambridge Analytica who described the company's use of illicit data in interviews late last week. Cambridge Analytica, Kogan and Wylie were banned from Facebook on Friday. Cambridge Analytica did not immediately confirm that it had agreed to comply with the audit. The firm has denied the allegations that it improperly collected and used the data. A spokeswoman for Stroz Friedberg declined to comment on the firm's involvement with an audit.

"We are moving aggressively to determine the accuracy of these claims," Facebook officials said in a statement. "We remain committed to vigorously enforcing our policies to protect people's information. We also want to be clear that today when developers create apps that ask for certain information from people, we conduct a robust review to identify potential policy violations and to assess whether the app has a legitimate use for the data. We actually reject a significant number of apps through this process. This is part of a comprehensive internal and external review that we are conducting to determine the accuracy of the claims that the Facebook data in question still exists. If this data still exists, it would be a grave violation of Facebook's policies and an unacceptable violation of trust and the commitments these groups made."


Hackers Are So Fed Up With Twitter Bots They're Hunting Them Down Themselves ( 45

An anonymous reader writes: Even if Twitter hasn't invested much in anti-bot software, some of its most technically proficient users have. They're writing and refining code that can use Twitter's public application programming interface, or API, as well as Google and other online interfaces, to ferret out fake accounts and bad actors. The effort, at least among the researchers I spoke with, has begun with hunting bots designed to promote pornographic material -- a type of fake account that is particularly easy to spot -- but the plan is to eventually broaden the hunt to other types of bots. The bot-hunting programming and research has been a strictly volunteer, part-time endeavor, but the efforts have collectively identified tens of thousands of fake accounts, underlining just how much low-hanging fruit remains for Twitter to prune.

Among the part-time bot-hunters is French security researcher and freelance Android developer Baptiste Robert, who in February of this year noticed that Twitter accounts with profile photos of scantily clad women were liking his tweets or following him on Twitter. Aside from the sexually suggestive images, the bots had similarities. Not only did these Twitter accounts typically include profile photos of adult actresses, but they also had similar bios, followed similar accounts, liked more tweets than they retweeted, had fewer than 1,000 followers, and directed readers to click the link in their bios.


When China Hoards Its Hackers Everyone Loses ( 89

An anonymous reader shares a report: For over a decade Pwn2Own -- happening this week -- has brought together security talent from across the globe in a friendly hacking competition that is a cornerstone of research and advancement on par with Black Hat and Def Con. China's hackers routinely win, sweeping the board -- notably, the Tencent and Keen teams. Pwn2Own is good-natured, and all in the name of researchers finding big bugs, nabbing great bounties and drawing attention to security holes and zero-days that need to be fixed. But this year, according to Pwn2Own manager Brian Gorenc, China is no longer allowing its researchers to compete. Prior to the start of Pwn2Own this week, Gorenc told press "There have been regulatory changes in some countries that no longer allow participation in global exploit contests, such as Pwn2Own and Capture the Flag competitions."

One thing's for certain: yearly champions Tencent's Keen Labs and Qihoo 360's 360Vulcan team are nowhere to be found and Trend Micro, the conference organizer, has confirmed to Engadget that there are no Chinese competitors in this year's competition. [...] It's a worrying development in the direction of isolationism and away from the benefits of competition in the spirit of improving security for all. It comes at a time when relations between the US and China strain under the weight of Huawei security concerns, which are not at all new, but are certainly coming to a head as American companies sever business ties with the firm.


Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says ( 74

Catalin Cimpanu, writing for BleepingComputer: For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."

Slashdot Top Deals