Group items tagged

"These exploits are based on chip engineering flaws, not on software flaws. Apple, Google, Abode, Microsoft, and other software companies didn't write poor software or bad Operating Systems to cause these problems to occur. Rather, the chip manufacturers - Intel, AMD and ARM - designed and then engineered computer chips with flaws built into them. Once discovered, those flaws allow the Meltdown and Spectre exploits to be run. Worse, these chips have been sold with consumer computers, servers and mobile devices since 1995. so the impact is, potentially, both personal and global in scope."

The US National Security Agency (NSA) knew of the Heartbleed flaw in the widely used OpenSSL security tool and exploited it for year - instead of blowing the whistle so that the patch could be flawed."

"Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM. The flaws, named Meltdown and Spectre, were discovered by security researchers at Google's Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system."

"The flaw, dubbed "Log4Shell", may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more."

"One of the most widely used tools for monitoring and restricting pupils' internet use in UK schools has a serious security flaw which could leave hundreds of thousands of children's personal information exposed to hackers, a researcher has warned."

Facebook has rushed to fix a security flaw that allowed users to eavesdrop on the live chats of their friends and see their pending friend requests

"Durumeric leads a team of researchers at the University of Michigan that has developed scanning software called ZMap. This tool can probe the whole public Internet in under an hour, revealing information about the roughly four billion devices online. The scan results can show which sites are vulnerable to particular security flaws. In the case of FREAK, a scan was used to measure the scale of the threat before the bug was publicly announced."

"A flagship artificial intelligence system designed to predict gun and knife violence before it happens had serious flaws that made it unusable, police have admitted. The error led to large drops in accuracy and the system was ultimately rejected by all of the experts reviewing it for ethical problems."

"Apple's Not Digging Itself Out of This One: "Online researchers say they have found flaws in Apple's new child abuse detection tool that could allow bad actors to target iOS users.""

"The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft's former Flash competitor Silverlight, which was discontinued in 2013. When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target's computer, where it will install cryptolocker-style software, which encrypts the user's hard drive and demands payment in bitcoin for the keys to unlock it."

"A cryptocurrency is only as reliable as the technology that keeps it running, and Ethereum is learning this the hard way. An attacker has taken an estimated $60 million in Ethereum's digital money (Ether) by exploiting vulnerabilities in the Decentralized Autonomous Organization, an investment collective. The raider took advantage of a "recursive call" flaw in the DAO's code-based smart contracts, which administer the funds, to scoop up Ether many times in a single pass."

"But Lodge admits that the BYOD trend does have a number of flaws. His biggest concern? It encourages students to use technology during teaching time: "The major downside of BYOD is the potential for distraction. Students' own devices are likely to include all the applications they use on a regular basis. This cannot be controlled like it can be with computers provided by the institution.""

"Three software flaws in Facebook's systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly. Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook."

"Georgetown University's Center on Privacy and Technology highlighted the April 2017 episode in Garbage In, Garbage Out, a report on what it says are flawed practices in law enforcement's use of facial recognition. The report says security footage of the thief was too pixelated and produced no matches while high-quality images of Harrelson returned several possible matches and led to one arrest."

"An internet blackout that knocked out some of the world's biggest websites on Tuesday was ultimately caused by a single customer updating their settings, the infrastructure provider Fastly has revealed. A bug in Fastly's code introduced in mid-May had lain dormant until Tuesday morning, according to Nick Rockwell, the company's head of engineering and infrastructure. When the unnamed customer updated their settings, it triggered the flaw, which ultimately took down 85% of the company's network."

"Oliver also pointed to a Finnish man who once found "one of the most severe security flaws ever discovered in a voting system" in US machines and alerted their manufacturers, who released a patch to fix the problem in 2006. The state of Georgia, however, never installed it, and the Senate report noted their machines hadn't been updated since at least 2005. "They'd essentially been hitting the 'remind me tomorrow' button on a critical security update for over a decade," Oliver explained, "meaning Georgia's election systems operate on the same level of technical proficiency as Every Dad"."

"But users began to spot flaws in the feature over the weekend. The first to highlight the issue was PhD student Colin Madland, who discovered the issue while highlighting a different racial bias in the video-conference software Zoom. When Madland, who is white, posted an image of himself and a black colleague who had been erased from a Zoom call after its algorithm failed to recognise his face, Twitter automatically cropped the image to only show Madland."

"Over the years critics have pointed out their many shortcomings as well. Perhaps the biggest flaw of all is that the laws are vague. If machines become so human that we find it difficult to tell them and us apart, how will a machine tell the difference? Where does humanity end and artificial intelligence begin? And even if an AI can distinguish itself from a human being, we also cannot know what loopholes and reprogramming a robot is capable of. Surely an AI more clever than us could plan a way to access its core and bypass any of its existing limitations."