Indie Nation: group items tagged "remote"

John Lemke

NSA reportedly intercepting laptops purchased online to install spy malware | The Verge - 0 views

  • According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.
  • The Der Spiegel report, which gives a broad look at TAO operations, also highlights the NSA's cooperation with other intelligence agencies to conduct Hollywood-style raids. Unlike most of the NSA's operations which allow for remote access to targets, Der Spiegel notes that the TAO's programs often require physical access to targets. To gain physical access, the NSA reportedly works with the CIA and FBI on sensitive missions that sometimes include flying NSA agents on FBI jets to plant wiretaps. "This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour's work," the report notes.
  •  
    While the scope or the targets are reportedly not known, the article also does not mention anything about a search warrant. This is what happens when the government feels they are above the law.
John Lemke

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks - 0 views

  • Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.
  • the vulnerability is already being used maliciously by the hackers.
  • There is as of yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system.
  • "It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote in a blog post. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x." In addition, Graham said, "this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable—once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks."
  • 32 ORACLE PRODUCTS VULNERABLE
  • PATCH ISSUED, BUT INCOMPLETE
John Lemke

Shellshock: Code injection vulnerability found in Bash | LIVE HACKING - 0 views

  • A code injection vulnerability in the Bourne again shell (Bash) has been disclosed on the internet. If exploited then arbitrary commands can be executed, and where Bash is used in relation to a network service, for example in CGI scripts on a web server, then the vulnerability will allow remote code execution.
  • The problem is that Bash does not stop after processing the function definition; it continues to parse and execute any shell commands following the function definition
  • The vulnerability is deemed as critical because Bash is used widely on many types of UNIX-like operating systems including Linux, BSD, and Mac OS X.
  • The most prominent attack vector is via HTTP requests sent to CGI scripts executed by Bash. Also, if SSH has been configured to allow remote users to run a set of restricted commands, like rsync or git, this bug means that an attacker can use SSH to execute any command and not just the restricted command.
John Lemke

Want to remotely control a car? $20 in parts, some oily fingers, and you're in command ... - 0 views

  • untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.
  • Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.
  • currently only works via Bluetooth,
John Lemke

FBI surveillance malware in bomb threat case tests constitutional limits | Ars Technica - 0 views

  • The FBI has an elite hacker team that creates customized malware to identify or monitor high-value suspects who are adept at covering their tracks online, according to a published report.
  • as the capability to remotely activate video cameras and report users' geographic locations—is pushing the boundaries of constitutional limits on searches and seizures
  • Critics compare it to a physical search that indiscriminately seizes the entire contents of a home, rather than just those items linked to a suspected crime. Former US officials said the FBI uses the technique sparingly, in part to prevent it from being widely known.
  • "We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate," Christopher Soghoian, principal technologist for the American Civil Liberties Union, told The Washington Post, speaking of the case against Mo. "Judges are having to make up these powers as they go along."
John Lemke

Ask Ethan #55: Could a Manned Mission to Mars Abort? - Starts With A Bang! - Medium - 0 views

  • No humans have ever traveled farther away from Earth than the crew of Apollo 13 did, as they circled around the far side of the Moon close to lunar apogee, achieving a maximum distance of 400,171 km above the Earth’s surface on April 15, 1970. But when the first manned spaceflight to another planet occurs, that record will be shattered, and in a mere matter of days.
  • The way we currently reach other worlds with our present technology — or any remote location in the Universe — involves three distinct stages: The initial launch, which overcomes the Earth’s gravitational binding energy and starts our spacecraft off with a reasonably large (on the order of a few km/s) velocity relative to the Earth’s motion around the Sun. On-board course corrections, where very small amounts of thrust accelerate the spacecraft to its optimal trajectory. And gravity assists, where we use the gravitational properties of other planets in orbit around the Sun to change our spacecraft’s velocity, either increasing or decreasing its speed with every encounter. It’s through the combination of these three actions that we can reach any location — if we’re patient and we plan properly — with only our current rocket technology.
    • John Lemke
       
      How we can do it now, if we plan right.
  • The initial launch is a very hard part right now. It takes a tremendous amount of resources to overcome the Earth’s gravitational pull, to accelerate a significant amount of mass to the Earth’s escape velocity, and to raise it all the way up through the Earth’s atmosphere.
  • The most optimal one for a one-way trip to Mars, for those of you wondering, that minimizes both flight time and the amount of energy needed, involves simply timing your launch right.
    • John Lemke
       
      The cheapest and the fastest. The one way ticket option.
  • When a planet orbits the Sun, there’s a lot of energy in that system, both gravitational energy and kinetic energy. When a third body interacts gravitationally as well, it can either gain some energy by stealing it from the Sun-planet system, or it can lose energy by giving it up to the Sun-planet system. The amount of energy performed by the spacecraft’s thrusters is often only 20% (or less) of the energy either gained-or-lost from the interaction!
    • John Lemke
       
      The transfer of energy involved to change speeds.
John Lemke

Active malware operation let attackers sabotage US energy industry | Ars Technica - 0 views

  • Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.
  • the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a
  • Called Dragonfly
  • "This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems," the Symantec report stated. "While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
  • been in operation since at least 2011
  • "The Dragonfly group is technically adept and able to think strategically," the Symantec report stated. "Given the size of some of its targets, the group found a 'soft underbelly' by compromising their suppliers, which are invariably smaller, less protected companies."
John Lemke

New mobile can check pulse, send ambulance - 0 views

  •  
    The new EPI Life mobile phone comes complete with mini electrocardiogram. "We think it's a revolution. It has clinical significance," EPI medical chief Dr. Chow U-Jin said at the mobile industry's annual conference in Barcelona. "Anywhere in the world you can use it as a phone but you are also able to transfer an ECG and get a reply," Chow said. "If you get a normal reply it will just be an SMS," he added. "If it's severe, you get a call: 'Sir, an ambulance is on the way'." EPI Life has three hospitals in Singapore, all of which carry the phone users' history. EPI Life costs $700 (516 euros), the price of a top range smartphone, and 2,000 of them have been on the market since 2010.