Saturday, September 23, 2017

Tag: Smoking

“Elon is lying about millions of miles without incident... Let’s start ‘faketesla’.”
Statute barring smoking "covers these devices," divided federal appeals court says.
The company's successes are starting to stack up for the year 2017.
Identical code ties Friday’s attacks to hacks on Sony Pictures and $1bn bank heist.
Throne room included massive brazier for barbecues, plus human sacrifice area.
Study doubles down on earlier work that led to big, some say pointless, controversy.
I ask if she’s a winter person: “No, I am not,” she replies stiffly. “I like the Sun.”
If this were to happen again today, the electrical grid would be a smoking ruin.
Windows XP? SHA-1? USB sneakernet? What were they thinking? Or smoking? The Netherlands has decided its vote-counting software isn't ready for prime time, and will revert to hand-counted votes for its March 15 election.…
Talk about disappointments.

The US government's much-anticipated analysis of Russian-sponsored hacking operations provides almost none of the promised evidence linking them to breaches that the Obama administration claims were orchestrated in an attempt to interfere with the 2016 presidential election. The 13-page report, which was jointly published Thursday by the Department of Homeland Security and the FBI, billed itself as an indictment of sorts that would finally lay out the intelligence community's case that Russian government operatives carried out hacks on the Democratic National Committee, the Democratic Congressional Campaign Committee, and Clinton Campaign Chief John Podesta and leaked much of the resulting material. While security companies in the private sector have said for months the hacking campaign was the work of people working for the Russian government, anonymous people tied to the leaks have claimed they are lone wolves. Many independent security experts said there was little way to know the true origins of the attacks. Sadly, the JAR, as the Joint Analysis Report is called, does little to end the debate.
Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity.

Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers' "tradecraft and techniques" and instead delivering generic methods carried out by just about all state-sponsored hacking groups. "This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations," Robert M. Lee, CEO and Founder of the security company Dragos, wrote in a critique published Friday. "It is my opinion and speculation that there were some really good government analysts and operators contributing to this data and then report reviews, leadership approval processes, and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little." The sloppiness, Lee noted, included the report's conflation of Russian hacking groups APT28 and APT29—also known as CozyBear, Sandworm, Sednit, and Sofacy, among others—with malware names such as BlackEnergy and Havex, and even hacking capabilities such as "Powershell Backdoor." The mix-up of such basic classifications does little to inspire confidence that the report was carefully or methodically prepared.

And that only sows more reasons for President-elect Donald Trump and his supporters to cast doubt on the intelligence community's analysis on a matter that, if true, poses a major national security threat. The writers showed a similar lack of rigor when publishing so-called indicators of compromise, which security practitioners use to detect if a network has been breached by a specific group or piece of malware.

As Errata Security CEO Rob Graham pointed out in a blog post, one of the signatures detects the presence of "PAS TOOL WEB KIT," a tool that's widely used by literally hundreds, and possibly thousands, of hackers in Russia and Ukraine, most of whom are otherwise unaffiliated and have no connection to the Russian government.

"In other words, these rules can be a reflection of the fact the government has excellent information for attribution," Graham wrote. "Or, it could be a reflection that they've got only weak bits and pieces. It's impossible for us outsiders to tell."

"Both foolish and baseless"

Security consultant Jeffrey Carr also cast doubt on claims that attacks that hit the Democratic National Committee could only have originated from Russian-sponsored hackers because they relied on the same malware that also breached Germany's Bundestag and French TV network TV5Monde. Proponents of this theory, including the CrowdStrike researchers who analyzed the Democratic National Committee's hacked network, argue that the pattern strongly implicates Russia because no other actor would have the combined motivation and resources to hack the same targets.

But as Carr pointed out, the full source code for the X-Agent implant that has long been associated with APT28 was independently obtained by researchers from antivirus provider Eset. "If ESET could do it, so can others," Carr wrote. "It is both foolish and baseless to claim, as CrowdStrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will." The doubts raised by Lee, Graham, and Carr underscore the difficulty members of the US intelligence community face when taking findings out of the highly secretive channels they normally populate and putting them into the public domain.
Indeed, the Joint Analysis Report makes no mention of the Democratic party or even the Democratic National Committee.

The lack of specifics and vagueness about exactly how the DHS and FBI have determined Russian involvement in the hacks leaves the report sounding more like innuendo than a carefully crafted indictment. The intelligence community has found itself in this position before, including in attributing a highly destructive attack on Sony Pictures Entertainment in 2014 to North Korea.
In fairness, the reticence in both cases is likely justified by the interest in protecting sources and methods used to detect such attacks.
Still, it's hard to escape the conclusion that Thursday's Joint Analysis Report provides almost no new evidence to support the Obama Administration's claims Russia attempted to interfere with the US electoral process.

Absent something more, the increasingly bitter debate may rage on indefinitely.
Same group compromised a million users A DAY.

A two-year-long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing webcam footage, and opening backdoors. The news sites are not at direct fault as they displayed the advertising; the ad networks and the underlying structure of high pace and low profit margins are what give malvertising its huge impact. Users from the United States were ignored, for reasons unknown.

The quiet success of the still-ongoing attacks comes despite the fact that researchers from security firm ESET found earlier variants in late 2014 targeting Dutch users. Well-known researcher Kafeine, now with Proofpoint, reported on a subsequent massive malvertising campaign in July in which the AdGholas malvertising campaign had ensnared as many as a million users a day.

Those attacks slung banking trojans at British, Australian, and Canadian users with localised ruses. AdGholas exploited, among others, a low-level Internet Explorer vulnerability (CVE-2016-3351) to assist with cloaking that Microsoft was slow to patch. Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash which did not have recent patches applied could be silently compromised. Users of Yahoo!'s email service were also served the trojanised ads through the tech giant's advertising network. Those on other browsers were ignored, as were those running packet capture, sandboxing, and virtualisation software, the latter platforms being hallmarks of white hat security researchers.

The criminals were able to maintain stealth despite the many skilled eyes of the whitehat research community by weaving malicious code into advertising banners. They even went as far as to create legitimate software, including a still-live Google Chrome extension, which appears non-malicious and is functional.

While regular malvertising manages to get booby-trapped banner ads accepted by the likes of Google, Yahoo!, and scores of smaller networks, the AdGholas campaign served its trojans through the manipulation of individual ad pixels. Malwarebytes analyst Jerome Segura along with ESET researchers revealed the intricacies of the latest campaign today. They say criminals remained cloaked for so long by altering the alpha channel within pixels of the advertising banners they submitted to ad networks. This passed the weak security checks to be displayed on major news sites, forcing the trojan to install on any machine which merely viewed the banner with vulnerable Internet Explorer and Flash installations.

Poisoned pixel ads included those for Browser Defence and BroXu, two legitimate working creations of the malware writers. The malcode within the ads exploited Internet Explorer bug CVE-2016-0162 for initial reconnaissance and Flash bugs CVE-2016-4117, CVE-2016-1019, and CVE-2015-8651 to get payloads onto machines.

"Despite not targeting the US, the latest AdGholas campaign has once again reached epic proportions and unsuspecting users visiting top trusted portals like Yahoo or MSN [among] many top level publishers were exposed to malvertising and malware if they were not protected," Segura says. "There is no doubt that the adversary is very advanced and has been clever to fly under the radar for long periods of time." "At the time of posting the campaign still continues, although the major ad networks have been informed and should no longer be involved."

Segura found the first attack based on the Browser Defence scam on 5 September through the SmartyAds network, before noticing it move to Yahoo! a month later. It took until 27 November for Segura to "finally" reproduce the malvertising chain using a real residential IP address and a normal user machine free of monitoring tools. "Up until then, we only had very strong suspicions that something was going on, but without a network capture, we simply did not possess the smoking gun required to make an affirmative claim," he says. Segura informed Yahoo! once he confirmed the malvertising attacks.

Researchers at ESET reveal much the same and reveal the technical complexity of the steganography effort in which the malcode was hidden almost perfectly within advertising images.
In a panel held by the University of California Berkeley Center for Long-Term Cybersecurity and Bipartisan Policy Center, experts discuss challenges facing the incoming presidential administration. In the wake of an abundance of news headlines on data breaches, and a presidential election cycle packed with cybersecurity concerns, the University of California Berkeley Center for Long-Term Cybersecurity and Bipartisan Policy Center today hosted experts to discuss security challenges and solutions America will face in the new administration.  Panelists included Steven Webber, faculty director at the UC Berkeley Center for Long-Term Cybersecurity; Betsy Cooper, executive director at the UC Berkeley Center for Long-Term Cybersecurity; Jamie Gorelick, former deputy attorney general and partner at WilmerHale; and Rep. Will Hurd (R-TX). The group gathered to discuss ideas that could fuel an effective plan for preventing, responding to, and recovering from cyber attacks. Webber acknowledged part of the problem for many people is that cybersecurity still feels like a technical issue related to the protection of computer networks.
It's time to "demystify the network" for folks outside the core tech sector, he said. "What happens when individuals everywhere interact with digital technologies?" he questioned, saying there are bigger and broader issues at play. Cooper addressed the need for change in addressing the future of cybersecurity, noting how this problem "is an existential challenge we haven't fully recognized yet." The new administration must have a stronger approach to the growth of cybersecurity problems. Another issue addressed during the panel was the need for a public campaign on cybersecurity, similar to campaigns launched in the past to raise awareness about problems like recycling and smoking. "We're suggesting the situation is serious enough in cybersecurity that we need a public awareness campaign," Cooper emphasized. "People should be aware of strong passwords, of two-factor authentication from an early age."  Webber compared the problem of cybersecurity with the problem of secondhand smoke. He said people are motivated by the negative externalities of the issue; not only how it comes with a personal cost, but how it affects their community as a whole. "When people recognize their dangerous behavior is a risk to family and neighbors, there's another lever we can pull," he said. "Companies will start to respond to that as the demand [for change] starts to emerge. We need to get that conversation started right now, and who is better than a new administration?" The panel also addressed the cybersecurity skills shortage.

There is a great demand for cybersecurity professionals, said Cooper, but universities aren't producing enough talent to fill the gap. Part of the problem is fear of being in the security space long-term, she said. "In these industries, it's hard to keep up-to-date with technology," Cooper explained. "It's hard to convince people it's a fun and exciting area." She noted how providing loan forgiveness for cybersecurity professionals may drive motivation to enter the industry. Webber agreed that society needs to take the cybersecurity problem seriously enough to subsidize education. "Security issues are hard, involve classified data and techniques, and there isn't a sense that the world thinks of those things as super important," he said. Right now, there are many people who could generate the skills needed for a first-rate cyber workforce, but they're out doing different things. Webber acknowledged this could be an opportunity to circulate ideas between the East and West coasts, and help people from Washington, DC and Silicon Valley work together. Panelists also recognized the need for public and private administration to work together and overcome the cybersecurity challenge. "We're crazy to think the government or private sector can address the problem alone," said Hurd.

Kelly is an associate editor for InformationWeek.
She most recently reported on financial tech for Insurance & Technology, before which she was a staff writer for InformationWeek and InformationWeek Education. When she's not catching up on the latest in tech, Kelly enjoys ...