Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse.
Akamai researcher Larry Cashdollar discovered a new piece of the Silex malware that is bricking thousands of IoT devices, over 2,000 devices have been bricked in a few hours and the expert is continuing to see new infections.
Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system.
The only way to recover infected devices is to manually reinstall the device’s firmware.
Silex is not the first IoT malware with this behavior, back in 2017 BrickerBot bricked millions of devices worldwide.
According to ZDnet that interviewed the malware’s creator, the attacks are about to intensify in the coming days.
“The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later.” reported ZDnet.
“Attacks are still ongoing, and according to an interview with the malware’s creator, they are about to intensify in the coming days.”
The researcher Ankit Anubhav was also able to trace the attacker and confirmed that the bot was developed to brick the infected IoT devices.
Anubhav believes that the Silex malware was developed by a teenager using the online moniker of Light Leafon. The same guy has also created the ITO IoT botnet,
According to Cashdollar, the Silex malware uses a list of known default credentials for IoT devices in the attempt to log in and perform malicious actions. The malware writes random data from /dev/random to any mounted storage it finds.
“I see in the binary it’s calling fdisk -l which will list all disk partitions,” Cashdollar told ZDNet. “It then writes random data from /dev/random to any partitions it discovers.”
The malware also deletes network settings and any other data on the device, then it flushes all iptables entries before halting or rebooting the device.
The IoT malware is targeting any Unix-like system with default login credentials, according to Cashdollar it leverages a Bash shell version to target any architecture running a Unix like OS.
The malware could brick Linux servers having Telnet ports open that use known credentials.
The IP address (185[.]162[.]235[.]56) behind the attacks observed by the experts is hosted on a VPS server owned by novinvps.com, which is operated out of Iran.
According to Ankit Anubha who spoke with the author of the malware, the developer has definitively abandoned the HITO botnet for Silex and plans to implement other destructive features (SSH hijacking capability, add exploits into Silex).
At the time it is not clear the Light’s motivation for these attacks, let’s hope he will use his talent for legal and good projects.
Just Arrived back from vacation to hear there's a new chat Server called Evolution ChatThey also have a Radio station called Outlaw Radio. http://www.outlaw-radio.net http://www.evolutionchat.co Owner's of chat Merlin & DarkAngel
Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys.Researchers have uncovered a new side-channel attack that could be exploited by attackers to extract sensitive data from Qualcomm secure keystore, including private keys, and passwords. The attack potentially impacts most of the modern Android devices that use Qualcomm chips, including popular Snapdragon models 820, 835, 845 and 855 The attack leverages a flaw in the Qualcomm Secure Execution Environment (QSEE), designed to securely store cryptographic keys on devices. “A side-channel attack can extract private keys from certain versions of Qualcomm’s secure keystore. Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware.” reads a blog post published by NCC Group. “On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys. “ According to NCC, the Hardware-backed keystores rely on ARM TrustZone to protect sensitive data, it splits execution on many devices into a secure world (used to manage sensitive data) and a normal world (used by processes of the Android OS). Experts pointed out that the two worlds have the same underlying microarchitectural structures, meaning an attacker could carry out a side-channel attack to access protected memory. The experts used a memory cache analyzer called Cachegrab to carry out side-channel attacks on TrustZone. The experts tested a rooted Nexus 5X device using the Qualcomm Snapdragon 808 and discovered that the QSEE that leaking data that could be used to recover 256-bit ECDSA keys. The attacker must have root access to the device to launch the attack. Qualcomm has released a security patch to address the flaw tracked as CVE-2018-11976, while Android disclosed a patch for the flaw in its April update. Below the timeline of the flaw: March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receiptApril, 2018: Request update on analysis of issueMay, 2018: Qualcomm confirms the issue and begins working on a fixJuly, 2018: Request update on the fix; Qualcomm responds that the fix is undergoing internal reviewNovember, 2018: Request update on the timeline for disclosure; Qualcomm responds that customers have been notified in October, beginning a six-month carrier recertification process. Agree to April 2019 disclosure date.March, 2019: Discuss publication plans for April 23April, 2019: Share draft of paper with QualcommApril 23, 2019: Public Disclosure“Providing technologies that support robust security and privacy is a priority for Qualcomm,” a Qualcomm spokesperson told Threatpost. “We commend the NCC Group for using responsible disclosure practices surrounding their security research. Qualcomm Technologies issued fixes to OEMs late last year, and we encourage end users to update their devices as patches become available from OEMs.”Technical details of the vulnerability are available in the paper published by the expert. Source: https://securityaffairs.co
Roundup While last week the Microsoft headlines were all about bonzer financial results, storage problems and, er, Microsoft Paint, other things were afoot in Redmond. Insiders unblocked thanks to prunes, fibre and a minty fresh Windows 10 BuildIt has been a while – over two weeks by our reckoning – but the Windows Insider gang has finally given its loyal army of volunteer testers something to chew over in the form of build 18885. The build, which arrived on Friday 26 April, follows hot on the heels of a fix for Insiders still running on 19H1 to allow an update to the Windows 10 of 2020. Something lurking within the May 2019 Update, when patched to build 18362.53, left the 20H1 installer with a serious case of indigestion, and Microsoft to throw up a block to stop the OS trying to slither its way onto some Insiders' desktops. With Friday's update, 19H1 users should now be able to make the leap to 20H1, having first patched to 18362.86. However, they are likely to be a little disappointed because, at this point in the development cycle, there just isn’t much to get too excited about. The company is, after all, still a year or so away from release. That said, the team has gotten around to adding more languages to the built-in dictation support in the operating system. Current versions of Windows 10 struggle to accept that there might be a world of people without English (United States) voices. With 20H1, Brits, Canadians and Australians can now get in on the action. The gang has also added support for Germany, Italy, Spain and France among others. The build also includes a fix for that whole pesky external storage thingas well as a wonderful bug whereby Windows Hello would immediately sign a user back into their PC after the unlucky punter had locked the thing (which resulted in some impressive keyboard gymnastics to stay out of the camera's view during the locking process.) However, Microsoft continued to point the finger of blame for PC crashes at game developers who had failed to update their wares to deal with the long-running anti-cheat code issues. The team cheerfully said "most games have released patches" and urged gamers to ensure they are up to date before attempting an operating system upgrade. My phone, Your Phone, anything but iPhoneWindows Insiders (or some of them, at least) were also gifted a Your Phone update, as Microsoft's Director of Program Management for Mobile 'eXperiences', Vishnu Nath, announced some new toys were inbound. For orphaned Windows Phone users, the idea of a Microsoft Mobile Experience is more reminiscent of an David Attenborough nature documentary: "Look at the pretty thing, oh dear – it's dead now." Microsoft's mobile efforts are now focused on the Android and iOS worlds, and to that end the update brings phone notifications to the PC screen. The user can select which notifications they wish to see and when a notification is dismissed on one device, it is also dismissed on the other. Your Phone, which made its debut last year, already synchronises text messages between devices, as well as allowing access to recent photos on a connected device. Back in March the team added the ability to mirror the phone's screen onto a PC, but only for a vanishingly small cross-section of users. You needed a Samsung Galaxy S8/S8+ or S9/S9+ and a PC with a Bluetooth radio that supported the low-energy peripheral role. Like, er, a Surface Go. While the Bluetooth requirement remains present, the update has extended the number of phones supported, with the OnePlus 6, OnePlus 6T, Samsung Galaxy S10e, S10, S10+, Note 8, Note 9 devices added to the list. Alas, iPhone users still cannot get in on the fun. When Nath says "phone" he means "Android". All the text syncing, notification bothering and screen mirroring won't be happening for users of Apple's devices, as Nath observed when asked: While the gang lays claim to 84 issues closed in this release, the most eye-catching is the new Variable Explorer and Data Viewer. This feature allows Visual Studio Code users to take a look at variables in the application via an explorer which shows up when code is running. Additional variables make an appearance as they get used in the code. While still a bit crude at present (searching values is a bit simplistic), getting at the contents of variables via the new Data Viewer will prove invaluable during debugging, although you'll also need Pandas 0.20 or later to join in the fun. Microsoft has maintained quite the cadence for its Visual Studio Code source wrangler, with an update to the open source editor this month as well as the refreshed Python extension as part of its ongoing efforts to woo developers. Judging by the 2019 Stack Overflow survey, it seems to be succeeding. Azure giveth and Azure taketh awayAs new versions of technologies get flung out at a tremendous pace, old ones must also be gently nudged out to pasture. As Kubernetes 1.13 support became generally available in Azure Kubernetes Service (AKS) last week, Microsoft announced that it was about to put a bullet into the head of version 1.9 support. AKS only supports four minor versions of Kubernetes, so the 30-day notice for 1.9's demise should not come as too much of a shock. While developers can still create new 1.9.x clusters during the deprecation period, it probably isn't a good idea. When 25 May rolls around, 1.9.x will be removed with little ceremony and support yanked. Azure Blob fans, however, will be happy to note the "General Availability" sticker slapped onto the Azure data migration utility AzCopy 10 last week. We took a look at the preview last month and Microsoft has gone on to tweak things to make life easier for users seeking to get data out of an AWS S3 bucket and into the cloudy world of Azure. The latest release of AzCopy, version 10.0.9, has added AWS S3 as a source and will copy data directly without having to shunt the bits and bytes down to a client first. By stripping out that bottleneck, the Azure gang claimed rates of 50Gbps when copying from a S3 bucket to Azure Storage in the same region. You're in the Army nowWhile all eyes were on Microsoft's financials last week, the US Department of Defense announced it would be tipping $7,269,740 into the software giant's coffers as part of a fixed price, single bid Enterprise Services contract. The work will be performed in Fort Gordon, Georgia and is expected to be complete a year from now, on 2 May 2020. Army funds were obligated at the time of the award.
Apple has smacked back at app developers moaning that their parental control apps were chucked off the App Store. Several app makers went to the New York Times to complain that their applications had been removed without warning from the digital outlet. Amir Moussavian, chief executive of OurPact, told the paper: "They yanked us out of the blue with no warning….They are systematically killing the industry." The latest version of Apple's mobile operating system includes tools to restrict access to applications. Apple insisted that it gave all the app-makers 30 days to alter their applications to bring them into line with App Store rules. Specifically, Apple said the axed apps used Mobile Device Management: "MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history." Apple said it began investigating MDM use by "non-enterprise developers" in early 2017 and changed its rules in the middle of 2017. The company noted what it considers acceptable use of MDM including use by enterprises to track devices and control access to proprietary data. But Apple described use of MDM for consumer-focused applications as "incredibly risky" as well as being a violation of App Store Ts & Cs. Apple warned that beyond the direct control such an app would have over an iPhone, MDM also creates profiles which could be used by hackers to get control of a device. Apple said it gave app makers 30 days to update their software or risk being removed. The company said: "Several developers released updates to bring their apps in line with these policies. Those that didn't were removed from the App Store." Several app makers are making complaints to the European Union's competition watchdog. The full statement is available here. The World Health Organisation released guidelines of child development last week which were widely reported as suggesting restrictions on screen time. Actually, the recommendations were for more physical activity generally along with better quality sleep. For three- to four-year-olds that means at least 180 minutes a day of varied physical activity and between 10 and 13 hours of "good quality" sleep. WHO noted that 23 per cent of adults and a whopping 80 per cent of adolescents are not "sufficiently physically active".
Chainscriptz would like to wish everyone a very Happy Easter & all the best to you and your Family & loved ones.
Fior further information contact Nexus Oblivion AKA Pent or if you were once in that group on MSN you can joing the facebook group Long in the tooth and answer there questions.
Reaching out to all former affiliates and associates of myself (Pent), Fang, Pandora, Wolf Pack and msn's religion category in general. I can be contacted via fb "Nexus Oblivion". We've already gathered 40 + known associates in light of so disheartening news which i will not do the disrespect of delivering in this fashion.
Mozilla is releasing an ARM version of its Firefox browser today for Windows 10. While Microsoft and Google have been working together on Chromium browsers for Windows on ARM, Mozilla has been developing its own ARM64-native build of Firefox for Snapdragon-powered Windows laptops. We got an early look at this version of Firefox late last year, and it seemed to fare well on an ARM laptop with a dozen tabs open. This new build of Firefox is available today as part of Mozilla’s beta channel for the browser for anyone with an ARM-powered Windows 10 laptop to test. That might not be a lot of people right now, but Mozilla has been working on its Firefox Quantum technology to optimize Firefox for the octa-core CPUs available from Qualcomm. This should mean the performance is relatively solid, while maintaining all of the regular web compatibility you’d expect from Firefox. ARM VERSIONS OF CHROMIUM ON THE WAY SOONChromium ARM64 builds seem relatively close, too. A developer successfully built and ran a version of Chromium on an ARM-powered laptop recently, demonstrating that it should also perform well on these devices. It’s not clear when Google or Microsoft will release ARM versions of their Chromium browsers, though. Microsoft is currently testing its new Chromium-powered Edge browser with developers, ahead of a release across Windows, Mac, and ARM-powered versions of Windows 10. If you’re interested in testing out the new Firefox on an ARM Windows laptop, you can download it from Mozilla’s beta site right here. Source: The Verge
The US Justice Department just officially charged Wikileaks co-founder Julian Assange, shortly after he was removed from the Ecuador embassy in London and arrested by local police. The charge is "conspiracy to commit computer intrusion" for agreeing to break a password to a classified US government computer. The Justice department also said it was in relation to "Assange's alleged role in one of the largest compromises of classified information in the history of the United States."
It's the same allegation that was made in the Chelsea Manning trial in 2013, in which the former US Army private was found guilty of theft and espionage in relation to the release of classified government documents. But now that Assange has had his asylum revoked by the Ecuadorian government and has been arrested, he can finally be extradited to the US to face these charges.
More specifically, the Justice Department alleges that Assange conspired to assist Manning in cracking a password that allowed access to US Department of Defense computers that contained classified information. The alleged conspiracy was said to be carried out in March of 2010, a time when Manning was already using her access to download documents and transmit them to WikiLeaks. The DoJ alleges that during their communications, Assange actively encouraged Manning to provide more information, even after she said that there was nothing left to send -- the charge of conspiracy to commit computer intrusion relates to Assange's offer to help break a password to get more classified info.
If found guilty, Assange would face up to five years in prison, though the Justice Department notes that actual sentences are often less than the maximum penalty. That said, there could be more charges against Assange coming from the US -- these revealed today are just the basis of the US's extradition request.
Before Assange can stand trial in the US, however, he needs to be extradited from the UK, a process that could take months or even years. Even if a UK judge agrees to the US government's request, Assange is likely to appeal that decision through the various layers of the UK court system.
Shortly after the US charges were revealed, Assange appeared in a London at the Westminster Magistrates Court. A District Judge quickly found Assange guilty of failing to surrender to police on June 29th, 2012. He was out on bail in August of 2012 when he went into the Ecuadorian embassy in London; he then claimed asylum and lived there until today.
His next appearance in UK court is now set for May 2nd (via video link), at which time the US extradition request will be discussed.
Today in “Facebook apps are too big to manage,” a glitch caused some users’ Instagram Stories trays to show Stories from people they don’t follow. TechCrunch first received word of the problem from Twitter user InternetRyanwho was confused about seeing strangers in his Stories Tray and tagged me in to investigate. The screenshots below show people in his Stories tray whom he doesn’t follow, as proven by the active Follow buttons on their profiles. TechCrunch inquired about the issue, and the next day Instagram confirmed that a bug was responsible and it had been fixed. Instagram is still looking into the cause of the bug but says it was solved within hours of being brought to its attention. Luckily, if users clicked on the profile pic of someone they didn’t follow in Stories, Instagram’s privacy controls kicked it and wouldn’t display the content. Facebook Stories wasn’t impacted. But the whole situation shakes faith in the Facebook corporation’s ability to properly route and safeguard our data, including that of the 500 million people using Instagram Stories each day. An Instagram spokesperson provided this statement: “We’re aware of an issue that caused a small number of people’s Instagram Stories trays to show accounts they don’t follow. If your account is private, your Stories were not seen by people who don’t follow you. This was caused by a bug that we have resolved.” The problem comes after a rough year for Facebook’s privacy and security teams. Outside of all its scrambling to fight false news and election interference, Facebook and Instagram have experienced an onslaught of technical troubles. A Facebook bug changed the status update composer privacy setting of 14 million users, while another exposed up to 6.8 million users’ unposted photos. Instagram bugs have screwed up follower accounts, and made the feed scroll horizontally. And Facebook was struck by its largest outage ever last month, after its largest data breach ever late last year exposed tons of info on 50 million users. Facebook and Instagram’s unprecedented scale make them extremely capital efficient and profitable. But that size also leaves tons of surfaces susceptible to problems that can instantly impact huge swaths of the population. Once Facebook has a handle on misinformation, its technical systems could use an audit. Source: TC
Shortly before ten o’clock on the morning of May 10 last year, Jim Balsillie, cofounder of Research in Motion (rim), the Waterloo, Ontario, company that created BlackBerry phones, took a seat in a conference room across from Parliament Hill. Next to him sat Colin McKay, an executive from Google, the company whose Android operating system was responsible, in part, for BlackBerry’s fall from grace. rim (now BlackBerry) was an industry powerhouse a decade ago, but the success of Android and Apple phones cut its share of the global smartphone market to nearly zero by 2016. Despite this history, it was Balsillie, sporting a neon green tie, who exuded confidence.
The men had been called to testify before the House of Commons ethics committee about the Cambridge Analytica scandal, triggered less than two months prior by Canadian whistle-blower Christopher Wylie when he revealed that a British firm had pilfered the personal information of up to 87 million people on Facebook, which was later used by Donald Trump’s 2016 presidential-election campaign. But the hearing quickly devolved into an interrogation of the data-collection practices of a tech industry that, for years, has been hell bent on fending off calls for oversight. McKay, visibly uncomfortable, an uncooperative strand of his combed-back hair dangling above his glasses, was there in part to convince the MPs that Google was not guilty of the negligent privacy practices that Facebook had been accused of. Balsillie, who had cut ties with rim in 2012, joined in the takedown of his former industry, his zeal scarcely concealed.
The data-driven economy, Balsillie warned, was developing faster than the ability of policy makers to reckon with its consequences. “We are cascading toward a surveillance state,” he said, conjuring a world divided into the watchers and the watched, a world where Big Tech piles up astronomical profits by distilling our everyday experiences into data to monetize—in some instances, doing so “without a moral conscience.” He mentioned how, in Australia, Facebook had been caught designing algorithms to identify stressed, overwhelmed, and anxious teenagers on its network, presumably to assist advertisers who might want to target them. Google has faced its own parade of scandals, which include the accusation that it illegally collects children’s personal information through YouTube, a subsidiary with algorithms that can push viewers toward increasingly polarizing and vile content—from neo-Nazis to Trump-bashing conspiracy theorists. Why? Because that’s likely to keep us most engaged, thus maximizing Google’s ad revenue.
Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal.Experts at Bad Packets uncovered a DNS hijacking campaign that has been ongoing for the past three months, attackers are targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials. Bad Packets experts have identified four rogue DNS servers being used by attackers to hijack user traffic. “Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers.” reads the report published by Bad Packets. “All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). In this campaign, we’ve identified four distinct rogue DNS servers being used to redirect web traffic for malicious purposes.” Experts pointed out that all exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). The first wave of DNS hijacking attacks targeted D-Link DSL modems, including D-Link DSL-2640B, DSL-2740R, DSL-2780B, and DSL-526B. The DNS server used in this attack was hosted by OVH Canada (66[.]70.173.48). The second wave of attacks targeted the same D-Link modems, but attackers used a different rogue DNS server (144[.]217.191.145) hosted by OVH Canada. The fourth DNS hijacking attacks originated from three distinct Google Cloud Platform hosts and involved two rogue DNS servers hosted in Russia by Inoventica Services (195[.]128.126.165 and 195[.]128.124.131). In all the DNS hijacking attacks the operators performed an initial recon scan using Masscan. Attackers check for active hosts on port 81/TCP before launching the DNS hijacking exploits. The campaigns aim at users Gmail, PayPal, Netflix, Uber, attackers also hit several Brazilian banks. , says. Experts found over 16,500 vulnerable routers potentially exposed to this DNS hijacking campaign. “Establishing a definitive total of vulnerable devices would require us to employ the same tactics used by the threat actors in this campaign. Obviously this won’t be done, however we can catalog how many are exposing at least one service to the public internet via data provided by BinaryEdge” continues Bad Packets. Experts explained that attackers abused Google’s Cloud platform for these attacks because it is easy for everyone with a Google account to access a “Google Cloud Shell.” This service offers users the equivalent of a Linux VPS with root privileges directly in a web browser. Further technical details, including IoCs, are reported in the analysis published by Bad Packets: https://badpackets.net/ongoing-dns-hijacking-campaign-targeting-consumer-routers/
Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.One of the main advantages of WPA3 is that it’s near impossible to crack the password of a network because it implements the Dragonfly handshake, Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal that could be exploited by an attacker within range of a victim to recover WiFi passwords by abusing timing or cache-based side-channel leaks. One of the main advantages of WPA3 is that it’s near impossible to crack the password of a network because it implements the Dragonfly handshake, Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal that could be exploited by an attacker within range of a victim to recover WiFi passwords by abusing timing or cache-based side-channel leaks. An attacker can steal sensitive transmitted information, including credit card numbers, passwords, emails, and chat messages. “Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on.” reads a dedicated website published by the experts that describe the DragonBlood research. The experts provided technical details about two design flaws in WPA3 that could be exploited to carry out downgrade and side-channel leaks. Devices that support WPA3 must guarantee backward compatibility with WPA2 and this is done supporting a “transitional mode of operation” that could accept connections using both WPA3-SAE (Simultaneous Authentication of Equals (SAE) handshake aka Dragonfly) and WPA2. The security duo demonstrated that the transitional mode is vulnerable to downgrade attacks. An attacker could abuse it to set up a rogue AP that only supports WPA2, forcing the WPA3-certified devices to connect using insecure WPA2’s 4-way handshake. “We present a dictionary attack against WPA3 when it is operating in transition mode. This is accomplished by trying to downgrade clients to WPA2. Although WPA2’s 4-way handshake detects the downgrade and aborts, the frames sent during the partial 4-way handshake provide enough information for a dictionary attack.” reads the DragonBlood research paper. “We also present a downgrade attack against SAE, and discuss implementationspecific downgrade attacks when a client improperly autoconnects to a previously used WPA3-only network.” The attackers need to know the SSID of the WPA3- SAE network to carry out the attack, experts pointed out that a man-in-the-middle position is not needed. Anyway, the attacker must be close to a client to broadcast a WPA2-only network with the given SSID and force the target to connect to our rogue AP using WPA2. The experts detailed two side-channel attacks against Dragonfly’s password encoding method (Cache-based (CVE-2019-9494) and Timing-based (CVE-2019-9494) attacks) that could be exploited by attackers to perform a password partitioning attack and obtain Wi-Fi password. “The cache-based attack exploits Dragonflys’s hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm. The information that is leaked in these attacks can be used to perform a password partitioning attack, which is similar to a dictionary attack. The resulting attacks are efficient and low cost.” wrote the experts. “our cache-based attack exploits SAE’s hash-to-curve algorithm. The resulting attacks are efficient and low cost: bruteforcing all 8-character lowercase password requires less than 125$ in Amazon EC2 instances” continues the paper. To carry out the password partitioning attack, the experts need to record several handshakes with different MAC addresses. It is possible to record them by targeting multiple devicess in the same network (e.g. tricking multiple users to download the same malicious application). If the attackers are only able to hit one client, then it is necessary to set up rogue APs with the same SSID but a spoofed MAC address. Experts also demonstrated how to abuse side-channel defenses of SAE (against already-known leaks) to introduce overhead and cause a denial-of-service (DoS) condition. They were also able to bypass SAE’s anti-clogging mechanism that is supposed to prevent DoS attack “An adversary can overload an AP by initiating a large amount of handshakes with a WPA3-enabled Access Point (AP). Although WPA3 contains a defense to prevent such denial-of-service attacks, it can be trivially bypassed.” continues the experts. “By repeatedly initiating handshakes from spoofed MAC addresses, the AP performs many costly password derivation operations (i.e. it performs many executions of the “Hunting and Pecking” algorithm). Depending on the AP under attack, this may consume all resources of the AP.” The experts plan to release the following four separate proof-of-concept tools to test the vulnerabilities they described. Dragondrain—a tool that can test to which extend an Access Point is vulnerable to Dos attacks against WPA3’s Dragonfly handshake.Dragontime—an experimental tool to perform timing attacks against the Dragonfly handshake.Dragonforce—an experimental tool that takes the information to recover from the timing attacks and performs a password partitioning attack.Dragonslayer—a tool that implements attacks against EAP-pwd.The researchers reported their findings to the WiFi Alliance and are working with vendors to address the flaw in existing WPA3-certified devices. Below the press release published by the WiFi Alliance:
Justice League (Spcn ircwx)2019
DC comics / films for Justice League Superheroes. Socketless , and quick off the mark. Has vids, movies, slide-show ,
mp3 player etc. etc.. Hope you will like it......cheers , paige..
Sparkpea Scripts (ircwx)
The first home delivery drone service has been launched in Australia, after years of test flights. Wing, owned by Google's parent company Alphabet, will deliver takeaway food, coffee and medicines by drone to about 100 homes in Canberra. It has been testing its drones in Australia since 2014 but many residents had complained about the noise. Wing said the feedback obtained during its trials had been "valuable" and it hoped to "continue the dialogue". Australia's aviation authority gave Wing permission to launch a commercial service after examining its safety record and operational plans. It judged that the company posed no risk to residents or other aircraft. Image copyrightWINGImage captionWing deliveries are lowered on stringWing's drones deliver small packages which are lowered into the customer's garden on a length of string. However, the approval has several conditions attached. The drones will only be allowed to fly during the day and not before 08:00 AEST at the weekend. They will not be allowed to fly over crowds or main roads. Skip Youtube post by Mack and Marty MonkeyWarning: Third party content may contain advertsReportEnd of Youtube post by Mack and Marty Monkey Trials of the drones had attracted complaints from residents in Bonython, Canberra, who said they were noisy and intrusive. The Bonython Against Drones campaign said the devices could be heard from "a long way off, both coming and leaving". "When they do a delivery drop they hover over the site and it sounds like an extremely loud, squealing vacuum cleaner," the group said on its website. In response, Wing said it had developed a quieter drone. The aviation authority says Wing must use this quieter drone for its commercial service.
Another OpenSSD homepage is now open. New announcements, documents, and source codes will be shared on the new webpage which is www.openssd.io. For now, this site would be used for sharing info on Cosmos/Cosmos+/Cosmos Mini. However, it would be used for other projects soon. We cordially invite you to become a project participant, contributor, and user. (The link update may be requested by sending an email to firstname.lastname@example.org or email@example.com. Thank you!)
Last week, Microsoft announced that Windows 10 20H1 is coming to the Fast ring, rather than 19H2, which is what was expected. 19H2 is the next feature update for the OS, which will arrive later this year. 20H1 is the one coming after that, arriving in the first half of 2020.
The Skip Ahead subset of the Fast ring has been testing out 20H1 for some time now, and now it's being merged with the regular Fast ring. While there's limited space in Skip Ahead, anyone can join the Fast ring. That means that for the first time, anyone can test out builds from the 20H1 development branch.
That being said, Microsoft today released Windows 10 Insider Preview build 18875 to the Fast ring.
There's not a whole lot that's new still; we can probably expect to hear more about what's coming around the Build timeframe. Here's the full changelog from build 18875:
This build is replacing build 18362 in the Fast ring, and it's worth noting that the old build is the release candidate for the Windows 10 May 2019 Update. This is your last chance to jump off of the Windows Insider Program without doing a factory reset. It's also worth noting that this opportunity typically comes every six months, but since we're testing an update that won't be available for another year, this opportunity won't come again until spring 2020.
Already, Google provides several ways to help you log in to your accounts securely, including two-factor authentication on Android devices, its Titan Security Key dongle, and Google Prompt. The search giant admits, however, that attackers can still use advanced steps like fake login pages to bypass those security methods.
As part of an effort to further beef up your account's security, Google has introduced a new way to let you turn your Android device into a physical security key. That means you don't have to purchase a separate dongle, you only need a phone running Android 7.0 Nougat and later.
To start using this new security feature, sign in to your Google account on your Android phone (if you haven't already). Then open Chrome on your Bluetooth-supported Chrome OS, macOS, or Windows 10 PC and head over to the two-step verification settings where you'll be asked to click the "Add security key" option. See to it that Bluetooth is turned on for both your phone and PC before selecting your Android device from the list of available devices.
It's worth noting that the method works like Google Prompt, which relies on an internet-based connection between an Android phone and a Google service. The main difference with the new security feature is that it uses a Bluetooth connection to facilitate a secure login, which means your phone needs to be in proximity to your PC.
For now, the feature is in beta phase and it's available only to Android users who use Chrome. There's no word, though, on whether Google will bring support for web browsers other than Chrome.
The UK government has laid out proposals to regulate online and social media platforms, setting out the substance of its long-awaited White Paper on online harms today — and kicking off a public consultation.
The Online Harms White Paper is a joint proposal from the Department for Digital, Culture, Media and Sport (DCMS) and Home Office. The paper can be read in full here (PDF).
It follows the government announcement of a policy intent last May, and a string of domestic calls for greater regulation of the Internet as politicians have responded to rising concern about the mental health impacts of online content.
The government is now proposing to put a mandatory duty of care on platforms to take reasonable steps to protect their users from a range of harms — including but not limited to illegal material such as terrorist and child sexual exploitation and abuse (which will be covered by further stringent requirements under the plan).
The approach is also intended to address a range of content and activity that’s deemed harmful.
Examples providing by the government of the sorts of broader harms it’s targeting include inciting violence and violent content; encouraging suicide; disinformation; cyber bullying; and inappropriate material being accessed by children.
While it was announced about three months ago, the Razer Turret mouse and keyboard combo for the Xbox One is only now shipping. Folks interested can buy the peripheral combo for $250.
In case you didn’t catch last week’s announcement about this month’s Games with Gold, you are now able to get The Technomancer for the Xbox One, as well as Star Wars Battlefront II for both the 360 and the Xbox One, for free. That is of course, if you have an active Xbox Live Gold subscription.
If you’re in the UK, prices for the aforementioned subscription are set to jump rather significantly starting next month. There will be a 25% increase in price, with annual subscriptions costing £49.99 rather than the current £39.99. The three-month plan will be bumped from £15 to £18, and a monthly subscription will set you back £7 instead of £6. Though the change occurs May 8, current subscribers will still pay the current rate for the next three months, thus being affected by the changes post August 7.
Folks may remember than Microsoft has something called Xbox All Access, which is basically the console variant of the two-year carrier contracts we see for phones. It allows you to get the Xbox console of your choice (either the S or the X), along with Xbox Live Gold and Xbox Game Pass for one monthly fee. As it turns out, the company is also allegedly working on something than doesn’t include the hardware, but rather only the subscription services. Dubbed Xbox Game Pass Ultimate, this would be available for $14.99 a month – or $1 per month for Xbox Insiders during testing -, according to leakster WalkingCat. If the company is planning to unveil this combined offering soon, the most likely ‘big event’ at which this could happen would be E3, which takes place June 11-14.
Since we mentioned Xbox Insiders, if you’re running either Windows 10 1809 or higher, you can now take advantage of some features coming to Game Bar. One is Spotify integration, followed by the ability to add text to your screenshots – thus potentially transforming them into memes -, and a new Xbox Social widget. You can also at long last customize Game Bar by choosing where to pin widgets. To access all this, you need the Xbox Insider Hub app, inside of which you need to select Insider Content, and then Windows Gaming.
Now, gaming on Windows is a broad subject, but of particular interest is Halo: The Master Chief Collection which 343 Industries hasn’t exactly revealed a release date for. However, we do know that if all goes to plan, the studio wants to start testing of Halo: Reach / Master Chief Collection flights this month.
Rounding off this section is a reason for celebration, especially if you’re into Minecraft. To be more specific, the Java Edition on PC has crossed the 30 million sale threshold, which is quite the achievement. As a reminder, the title was released back in 2011 and became a first-party game after Microsoft outright bought Mojang in 2014. According to number released back in October, Minecrafthad sold in excess of 154 million copies and had more than 91 monthly active players across all platforms.
A bunch of builds
We kick off this section with a cumulative update for the October 2018 Update, which is KB4490481 and bumps the build up to 17763.404. It includes a long list of fixes related to Edge, IE, information related to various time zones, Microsoft Store applications failing to launch, and much more.
There are some known issues to be aware of with the update above, one of which is IE11 – and other applications which use WININET.DLL – having authentication issues. This is solved by creating a different account for each person logging on to a Windows Server machine.
Yet another known issue is one centered on MSXML6, which causes applications to stop responding if an exception is thrown during node operations, Custom URL Schemes for Application Protocol handlers may stop working, there may be issues with the Preboot Execution Environment if the Variable Window Extension is in use, and finally, if end-user-defined characters (EUDC) are enabled per font, the system will end up blue screening. It is recommended that you don’t enable EUDC.
A tidbit relevant for developers is that SDK preview build 18362 is out, carrying the same number as the one in the Fast and Slow rings. This means 18362 is the most likely release candidate for version 1903.
Speaking of Fast and Slow rings, 18362.30 has been pushed out to both and it fixes an issue with AAD users not being able to sign-in after updating to a 19H1 PC on an AAD-joined PC, the users’ inability to enable or disable .NET Framework or other optional features, and a bug which caused PCs to refuse to boot after installing a cumulative update, followed by an optional feature-on-demand. On a related note, if you’re in the Slow ring, you’ll have to install 18356.21 before the build above, because this one removes the block for the 18362 line of builds. As you may remember, this was because of some updating issues in this ring back when 18362 was initially released.
Capping off the section is a weird bit of news, as Microsoft has announced that 20H1 builds are headed for the Fast ring. No, this isn’t a typo, and yes, 19H2 does still exist. The latter is promised to be coming later this spring.
Apps being discontinued
If you happen to still be on Microsoft’s ill-fated Windows 10 Mobile, you’ll be met with a message when you open the Instagram app. This informs you that support for Instagram on the platform is being pulled come April 30. This of course is no surprise in light that Microsoft has abandoned the mobile OS and that support for version 1703 of it ends in June, while that for 1709 ceases in December.
Just so the app above doesn’t feel lonely – or more likely due to them being made by the same company -, the official Facebook and Messenger apps are also being killed off on April 30. The singular app that is conspicuously missing is WhatsApp, though presumably the announcement of its discontinuation isn’t far behind.
Switching companies and platforms, it’s Microsoft’s turn to discontinue something. On this occasion, we’re talking about the Books section in the Store. The books tab is effective immediately, but those who have either bought or rented titles can read them until the end of the rental period or until July 2019, when they will be removed completely. However, you will get a full refund of the original price of purchase, and any pre-orders will be canceled, with the user not being charged. As you may remember, this feature debuted with the Creators Update, which means it’s been available for less than two years.
On a more positive note, while there has been a switch from EdgeHTML to Chromium for the Redmond giant’s browser, a fair few folks have been asking whether features like smooth scrolling and 4K Netflix streaming will still be a thing once the new Edge (or Edgium, or however folks want to call it) is available. As it turns out, it’s been spotted by some folks on Reddit that Edgium has flags for Widevine and PlayReady, the latter being a hardware-based DRM system – Intel Kaby Lake CPU, Nvidia GeForce 1000 series GPU or higher needed - which allows for 4K streaming. Edge has been the only browser to support 4K streaming since 2016, and these flags are apparently not found in any other Chromium-based browsers.
The Fast ring
Surface Book 2 with 8th-gen Core i5 is now available for purchase.
BMW and Microsoft have collaborated on the Open Manufacturing Platform to ‘drive innovation’.
Visual Studio 2019 is now generally available.
Microsoft has launched an AI-learning program for students in collaboration with OpenClassrooms.
Kaizala is now live for Office 365 users around the globe, though it’s coming to Teams soon.
If you own either a Surface Pro 6 or Surface Pro (2017), you may want to check for updates, as both devices have gotten a number of driver and firmware-related fixes.
Hot corner is a section of The Fast ring dedicated to highlighting five Microsoft-related stories that haven't been covered over here, but that might be for interest.
Azure deployments are now integrated into Spinnaker (starting with release 1.13).
Azure Front Door has reached its GA phase.
Web application firewall, as part of Azure Front Door, is now available in preview.
Widows Containers in the Azure App service now support Server 2019.
There’s now an Azure Functions Premium plan, available in preview.
To end, we take a look at the announcement related to the next feature update for Windows 10, known until recently only as 19H1 or version 1903.
Though there’s been speculation that the update would be dubbed after the month of April, Microsoft has finally revealed that 19H1 is the May 2019 Update, and that it will be coming to the Release Preview next week.
It will be made available near the end of May, meaning it’ll spend at least a month in Release Preview testing, unlike its predecessor which skipped the last ring before production entirely.
But there’s more, as the Redmond giant will be adding a download and install option specifically for feature updates. This way, you’ll be able to install cumulative updates normally, without the fear of the next version of Windows 10 being also installed and potentially breaking something. The only time this automatic push will happen though is if your current version of Windows 10 is nearing its end of support.
Although 1903 is the first to get the option described in the paragraph above, by the end of next month, this feature will be available to folks on 1803 and 1809 too.
Two more things to touch on are the period for which you’ll be able to pause updates, which is up to 35 days. You’ll be able to do this one week at a time for up to five times, and it applies to all flavors of Windows 10 (yes, Windows 10 Home included). Lastly, there will also be a so-called Windows release heath dashboard in order for users to check out the update’s rollout status and known issues.
The changes above are certainly welcome, and should alleviate the more pressing issues that contributed to the kerfuffle around 1809 and its rather low share.
Facebook has revealed a raft of measures it is taking in order to help protect the upcoming Indian General Election. While the social media giant is rolling out its political ad transparency tools such as its Ad Library which it has been deployed in other regions, it is also taking new steps. In addition to the measures we’ve seen before, Facebook is launching new operation centers in Singapore and Dublin that will work with staff at Menlo Park (Facebook’s HQ) and experts in Delhi. This will strengthen the firm’s global coordination and speed up response times when it comes to combating fake news, misinformation, hate speech, and voter suppression. Facebook’s AI systems have been improved too, with support added for 24 new languages, including 16 that are spoken in India. The AI can find offending content and take it down in bulk in a short space of time. Another measure taken to stem fake news is notifications for people and Page Admins who share news articles that have been marked as false by fact checkers. This feedback will allow individuals to remove content that they shared which they believed to be real. Facebook is going to help election candidates bolster their account security too. In a blog post, Ajit Mohan, Managing Director and Vice President for India, said: Lastly, Facebook has signed up to a voluntary code of ethics for the general elections with the Election Commission of India (ECI). This gives the two bodies a dedicated means of communication in order to more quickly take down content and to run voter education efforts.
According to BuzzFeed News, multiple Twitter accounts have been suspended by the social media company due to suspicious activity. The accounts in question were owned by members of the Church of Almighty God, a Chinese religious group, and run in the Hebrew language. This move comes just days before the upcoming Israeli election, which will take place on April 9, 2019. It is still unclear as to why the accounts were suspended and whether they were related to the Israeli elections in any way. Twitter has refused to disclose detailed information regarding its actions against the accounts and the reasons behind their suspensions. Reportedly, the firm has suspended dozens of accounts over the last few months, all of which were associated with the Chinese group. According to a source, some of these accounts were promoting and advocating right-wing political beliefs and religious content posted mostly in Hebrew under what seemed to be fake names. The source also explained that the Twitter accounts were flagged as suspicious by social media researchers because of their apparent "coordinated amplification of content". The profiles also showed up in searches “programmed to look for tweets in Hebrew (to influence Hebrew speakers) generated by account clusters outside Israel". The source commented on this discovery: Allegedly, a representative of Twitter informed BuzzFeed News that the Twitter accounts were suspended due to spam violations. As for the details pertaining to exactly how the accounts were flagged and the exact number of accounts brought down, the representative refused to disclose any more information. The Church of Almighty God is a cult-like religion also known as "Eastern Lightning" and it originates from the Chinese province of Henan. Followers of the CAG believe that Jesus Christ has already been reincarnated in the form of a Chinese woman. Other teachings include a struggle between the righteous and the "great red dragon" - China's Communist Party. The religious group has long been banned in China due to its links with kidnappings, violence and extortion in the past. Source: BuzzFeed News
In February, Facebook began adding more details to why you are seeing certain ads on your News Feed including when and why your data was used to target those ads to you. The details also include which agency uploaded your data and whether they provided your information to another advertiser. Now, the social networking giant has announced that it is adding a similar capability for posts from friends, pages, and groups, plus the option to control what posts you would like to see in the future on your News Feed. The new option dubbed "Why you're seeing this post?" can be accessed from the drop-down menu at the top right of a certain post. The feature will explain why certain ads appear on your News Feed based on historical data of your interactions with specific businesses. In particular, there are three signal categories which will determine what you see on News Feed including the frequency of your interactions with posts from friends, pages or groups; the amount of time you've engaged with a certain type of content; and the popularity of posts. In addition, the feature will provide shortcuts to buttons including "See First", "Unfollow", "News Feed Preferences", and "Privacy Shortcuts" which will let you customize the posts you like to appear on your News Feed. The new feature is part of Facebook's efforts to increase transparency on the platform and give users more control over what content they receive from individuals and groups.
This script will after a random delay voice any user who joins specified channels after a preset minimum and maximum time.